Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

CIS RAM Puts the CIS Controls™ into Action

October 9, 2018

CIS® recently released CIS RAM (Center for Internet Security Risk Assessment Method). CIS RAM is an information security risk assessment method that helps organizations implement and assess their security posture against the CIS Controls cybersecurity best practices. CIS RAM provides instructions, examples, templates, and exercises for conducting a cyber risk assessment. CIS RAM, developed by HALOCK Security Labs in partnership with CIS, helps model a reasonable use of the CIS Controls to address the risks present in any environment.

There are multiple risk assessment standards in the cybersecurity world. According to CIS, CIS RAM is the first to provide very specific instructions for analyzing information security risk in a way that regulators define as "reasonable" and judges evaluate as "due care." CIS RAM highlights the balance between the harm a security incident might cause and the burden of safeguards – the foundation of "reasonableness."

CIS RAM conforms to established information security risk assessment standards such as ISO 27005, NIST SP 800-30, OCTAVE, and RISK IT. CIS RAM supplements these popular standards by providing detailed instructions and templates for quickly designing and implementing an information security risk assessment.

CIS RAM is free for anyone looking to improve their own cybersecurity. New users are typically able to design their risk assessment within the first day of following the CIS RAM instructions. You can download CIS RAM from the link given at the beginning of this post.

Hat tip to Dave Ries.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson